[QUICK REPORT] It appears that Wunderman Argentina left passwordless MongoDB and AWS S3 bucket open to public, with PII of their local clients, employees, internal reports, logs and admin creds to CRM system. Now secured, no words from agency. pic.twitter.com/kBD5wo88ZJ

[NEW REPORT] Bad news for golf game players who used this application to login and track its records - more than 218k users’ data exposed online as a result of improper database config. No login needed to view data in browser: securitydiscovery.com/game-golf/

It is possible that @CSIRTPanama did not detect any data breach on gov't databases, because the db I have found did not contain any attributions to any organization. It simply contained data labeled as 'patients' and it was indexed by @binaryedgeiopic.twitter.com/7ZnV4UN5IH

What an irony. Back in Jan 2016, my then-colleague (and now-friend) @VickerySec reported Earbits leak with 325K users. 3 years later, last week on @binaryedgeio I spotted the same database, now with 385K users, all open and publicly available. Outdated Mongo v.2.4.14, no pass pic.twitter.com/XgJovrCv7Y

Database with 250M+ very detailed Indian resumes that I reported a week ago was dropped by malicious actors. As per my investigation, database was not part of any company but rather scraped data collected by unknown org/person. pic.twitter.com/Z4776FOz9C